CVSS: 5.0EPSS: 2%CPEs: 53EXPL: 0CVE-2012-6152 – pidgin: DoS when decoding non-UTF-8 strings in Yahoo protocol plugin
https://notcve.org/view.php?id=CVE-2012-6152
The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences. El plugin del protocolo de Yahoo! en libpurple en Pidgin anterior a 2.10.8 no valida debidamente datos UTF-8, lo que permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) a través de secuencias de bytes manipuladas. • http://hg.pidgin.im/pidgin/main/rev/b0345c25f886 http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html http://pidgin.im/news/security/?id=70 http://www.ubuntu.com/usn/USN-2100-1 https://rhn.redhat.com/errata/RHSA-2014-0139.html https://access.redhat.com/security/cve/CVE-2012-6152 https://bugzilla.redhat.com/show_bug.cgi?id=1056473 • CWE-20: Improper Input Validation CWE-172: Encoding Error •
CVSS: 6.4EPSS: 1%CPEs: 53EXPL: 0CVE-2013-6483 – pidgin: Possible spoofing using iq replies in XMPP protocol plugin
https://notcve.org/view.php?id=CVE-2013-6483
The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply. El plugin del protocolo XMPP en libpurple en Pidgin anterior a 2.10.8 no determina adecuadamente si la dirección origen en una respuesta iq es consistente con la dirección destino en una solicitud iq, lo que permite a atacantes remotos falsificar tráfico iq o causar una denegación de servicio (referencia a un puntero NULL y caída de la aplicación) a través de una respuesta manipulada. • http://hg.pidgin.im/pidgin/main/rev/93d4bff19574 http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html http://pidgin.im/news/security/?id=78 http://www.debian.org/security/2014/dsa-2859 http://www.ubuntu.com/usn/USN-2100-1 https://rhn.redhat.com/errata/RHSA-2014-0139.html https://access.redhat.com/security/cve/CVE-2013-6483 https://bugzilla.redhat.com/show_bug.cgi?id=1056978 • CWE-20: Improper Input Validation CWE-290: Authentication Bypass by Spoofing •
CVSS: 5.1EPSS: 1%CPEs: 53EXPL: 0CVE-2013-6485 – pidgin: Heap-based buffer overflow when parsing chunked HTTP responses
https://notcve.org/view.php?id=CVE-2013-6485
Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data. Desbordamiento de buffer en util.c en libpurple en Pidgin anterior a 2.10.8 permite a servidores HTTP remotos causar una denegación de servicio (caída de la aplicación) o posiblemente tener otro impacto no especificado a través del campo de tamaño de fragmento en datos de codificación de transferencia truncados. • http://hg.pidgin.im/pidgin/main/rev/c9e5aba2dafd http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html http://pidgin.im/news/security/?id=80 http://www.debian.org/security/2014/dsa-2859 http://www.securityfocus.com/bid/65243 http://www.ubuntu.com/usn/USN-2100-1 https://rhn.redhat.com/errata/RHSA-2014-0139.html https://access.redhat.com/security/cve/CVE-2013-6485 https://bugzilla.redha • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 5.0EPSS: 3%CPEs: 53EXPL: 0CVE-2013-6489 – pidgin: Heap-based buffer overflow in MXit emoticon parsing
https://notcve.org/view.php?id=CVE-2013-6489
Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow. Error de signo de enteros en la funcionalidad MXit en Pidgin anterior a 2.10.8 permite a atacantes remotos causar una denegación de servicio (fallo de segmentación) a través de un valor manipulado de emoticono, lo que provoca un desbordamiento de entero y desbordamiento de buffer. • http://hg.pidgin.im/pidgin/main/rev/4c897372b5a4 http://www.debian.org/security/2014/dsa-2859 http://www.pidgin.im/news/security/?id=83 http://www.securityfocus.com/bid/65192 http://www.ubuntu.com/usn/USN-2100-1 https://rhn.redhat.com/errata/RHSA-2014-0139.html https://access.redhat.com/security/cve/CVE-2013-6489 https://bugzilla.redhat.com/show_bug.cgi?id=1057490 • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 4.3EPSS: 1%CPEs: 51EXPL: 0CVE-2013-0274 – pidgin: missing nul termination of long values in UPnP responses
https://notcve.org/view.php?id=CVE-2013-0274
upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network. upnp.c en libpurple en Pidgin anterior a v2.10.7 no termina correctamente string de gran longitud en respuestas UPnP, permitiendo a atacantes remotos causar una denegación de servicio (caída de la aplicación) mediante el acceso a un red local. • http://hg.pidgin.im/pidgin/main/rev/ad7e7fb98db3 http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html http://www.pidgin.im/news/security/?id=68 http://www.ubuntu.com/usn/USN-1746-1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18221 https://access.redhat.com/security/cve/CV •